Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's netfilter component, specifically within the flowtable management. The issue arises during the cleanup process of flow tables, where pending hardware statistics or addition work can cause the garbage collection routine to skip necessary deletion steps. This oversight may lead to a situation where the flow table is freed while hardware deletion work is still pending, creating a use-after-free condition.
A use-after-free condition of this kind commonly results in memory corruption and can potentially allow arbitrary code execution.
The vulnerability can be reproduced by creating a flow table entry that generates pending hardware statistics or addition work. During the flow table cleanup process, the garbage collector will skip queuing the necessary hardware deletion work for the entry with pending tasks. After the flow table is freed, the pending hardware work may still attempt to execute, leading to a use-after-free condition.
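The ordering problem described above can be followed in a small userspace model. This is an added example, not kernel code and not the upstream fix: every name in it (`teardown`, `gc_step`, the `HW_*` flags) is hypothetical, and the `drain_pending_first` ordering is an assumption that closes the window only within this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: every name here is hypothetical, not a kernel symbol. */
enum { HW_PENDING = 1, HW_DYING = 2, HW_DEAD = 4 };

struct flow  { unsigned flags; };
struct table { struct flow *f; size_t n; size_t del_queued; };

/* Models the stats/add work finishing: pending work completes. */
static void drain_pending(struct table *t) {
    for (size_t i = 0; i < t->n; i++)
        t->f[i].flags &= ~HW_PENDING;
}

/* Models the delete work finishing: queued hardware deletions complete. */
static void drain_delete(struct table *t) {
    for (size_t i = 0; i < t->n; i++)
        if (t->f[i].flags & HW_DYING) {
            t->f[i].flags = HW_DEAD;
            t->del_queued--;
        }
}

/* GC pass at teardown: queue hardware deletion, but skip busy entries. */
static void gc_step(struct table *t) {
    for (size_t i = 0; i < t->n; i++) {
        if (t->f[i].flags & (HW_PENDING | HW_DYING | HW_DEAD))
            continue;                 /* the skip described in the text */
        t->f[i].flags |= HW_DYING;
        t->del_queued++;
    }
}

/* Returns the delete work still queued at the point the table would be freed.
 * Non-zero means that work would later run against freed memory. */
size_t teardown(struct table *t, bool drain_pending_first) {
    if (drain_pending_first)
        drain_pending(t);             /* model-level ordering that avoids the skip */
    gc_step(t);                       /* skips any entry with pending work */
    drain_pending(t);
    drain_delete(t);                  /* flush all outstanding work */
    gc_step(t);                       /* final pass queues the skipped entry */
    return t->del_queued;             /* table is freed right after this */
}

int main(void) {
    struct flow a[] = {{HW_PENDING}, {0}}, b[] = {{HW_PENDING}, {0}};
    struct table ta = {a, 2, 0}, tb = {b, 2, 0};   /* constructed sample state */
    printf("skip path: %zu queued at free\n", teardown(&ta, false));
    printf("drained first: %zu queued at free\n", teardown(&tb, true));
    return 0;
}
```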